Skynet - Router Firewall & Security Enhancements

Is it possible to block the Trend Micro Signature update? The default signature 2.066, or whatever it is, correctly routes my game traffic.

EDIT: I also rolled back to 384.16 firmware and everything is running smoothly with Skynet.

EDIT2: So I went back to 384.17 and this time used USB 2.0 mode and Skynet installed properly.
 
oh, so the norm is to use diversion for stuff like mmstat and just let skynet run on auto with its own auto updated blacklist? is that what most people are doing? I was just about to say. how do you wildcard in skynet with all its subdomains.

right on the bullseye...if this setup still doesn't work for u don't get dis-encouraged, u might still need to fix the dns thingy...afaik, if u have a dns leak u may still be force-presented the initial login page...that's the sophistication the system has grown!
 
9am EST is the github page down for the install via putty? I've completely reset my modem twice this morning since 7am and I can't get it to load/install via putty.

EDIT: 9:01 am it's installing, wtf, sigh
 
Good morning everyone.

After an automatic malware list update this morning, many sites I visit can't be connected to, and Skynet reports Outbound blockages. Just a few examples: microsoft.com, pandoc.org, pool.ntp.org...
So it's not a question of unbanning those one at a time, there's clearly a faulty IP list.

I've searched through Skynet, but its rich interface doesn't give me which original IP list contains the blocked IPs, only some stats.
I know there's an option to exclude individual lists, so it's just a matter of knowing which one.
Unless I've missed an option, so sorry in advance if it is so.

I guess the usual solution is to wait until the IP list maintainers correct their error (although blocking Microsoft might have underlying motives), but still I'd like to know how to find the faulty IP list through Skynet.

(I'll try later to manually download them and do a search)
 
Good morning everyone.

After an automatic malware list update this morning, many sites I visit can't be connected to, and Skynet reports Outbound blockages. Just a few examples: microsoft.com, pandoc.org, pool.ntp.org...
So it's not a question of unbanning those one at a time, there's clearly a faulty IP list.

I've searched through Skynet, but its rich interface doesn't give me which original IP list contains the blocked IPs, only some stats.
I know there's an option to exclude individual lists, so it's just a matter of knowing which one.
Unless I've missed an option, so sorry in advance if it is so.

I guess the usual solution is to wait until the IP list maintainers correct their error (although blocking Microsoft might have underlying motives), but still I'd like to know how to find the faulty IP list through Skynet.

(I'll try later to manually download them and do a search)
Run this to identify which blocklist the IP belongs to (if it is blocked):
Code:
sh /jffs/scripts/firewall stats search ip 8.8.8.8
Replace 8.8.8.8 of course.
 
Sorry, should have been more explicit when I said "I searched through Skynet", and say I've done that command already.
There's no specific IP list given, only that the IP "is in set Skynet-BlockedRanges".
The first report of blockage (for e.g. pandoc.org) was at 4:35 am this morning (NY time, say).
I'd unban, but there's a few more and don't know the extent of the bans.

/Edit: and I did try to update the lists again before posting.
/Edit2: not all Microsoft is banned, sorry if I was imprecise.
 
sad to say I haven't found a way to deal with it unless I build a localized dns. ping to 8.8.8.8 or to 8.8.4.4 would get 50% dropped packets. attempting to use a non china DNS would result in 1/2 the local china websites unable to load. not to mention glitchy sub-district DNS.
skynet has helped me block several huawei websites and almost all of baidu servers. and many other sites like 360.cn and stuff, to prevent my staff from downloading those junk applications.

china websites have reached the level of annoying to irritant. i used to be able to block mmstat.com and their subdomains. ( those data collection stuff) but now if you were to block it, most china sites after you login, you get thrown back to the login screen. sites like taobao.com and alipay and many others. so the china sites, if you don't allow them to data mine you they don't let you use their services.

recently my VPN has been glitchy also. I have a few private built VPN servers that i threw in a few of my consenting friends' houses outside of china. all on dynamic IP.
even then, in the past 3 months. after using VPN for 30mins or less. the data would just stop. meaning all ping would no longer work, all packets dropped. almost as if the china can't see that you are communicating they would just terminate that connection. using open VPN XOR helps once in a while, but I mainly use AES256

I had no idea it was so challenging to have privacy on your internet connection in China. Thanks for sharing!
 
/Update: I should add that for all those outbound blocked IPs, the "Ban Reason" given is simply an asterisk "*".

Didn't find any range in the IP lists (nor the aggregated list skynet.ipset) to explain the blocks.

For now I've disabled Skynet. I seem to be the only one with this problem, so could be on my side, not an IP list after all... don't know...

/Edit: All's right now! I updated the IP lists again, situation back to normal.

But I did keep old skynet.ipset... and it showed:
Code:
add Skynet-BlockedRanges 64.0.0.0/2 comment "BanMalware: firehol_level2.netset"

Isn't that a bit wide!? LOL It's not in the newest skynet.ipset of course...

Anyways, don't know what happened, but ok for now...
 
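An added example, not part of the original posts or of Skynet itself: one way to search a saved copy of skynet.ipset offline for every entry that covers a given IP, and to flag implausibly wide ranges such as the 64.0.0.0/2 line quoted above. The names audit_ipset and write_sample, the sample file and the target IP 100.64.0.1 are constructed for illustration; only the add ... comment "..." line format and the 64.0.0.0/2 entry come from the post.

```shell
#!/bin/sh
# audit_ipset FILE IP MINPREFIX  (hypothetical helper, not a Skynet command)
# Prints "covers<TAB>entry<TAB>comment" for each entry containing IP and
# "wide<TAB>entry<TAB>comment" for each range with a prefix shorter than MINPREFIX.
audit_ipset() {
    awk -v target="$2" -v minlen="$3" '
    function ip2int(s,   o) {
        if (split(s, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function comment_of(line) {
        if (match(line, /comment "[^"]*"/))
            return substr(line, RSTART + 9, RLENGTH - 10)
        return "(no comment)"
    }
    BEGIN { t = ip2int(target) }
    $1 == "add" {
        n = split($3, part, "/")
        plen = (n == 2) ? part[2] + 0 : 32      # bare IPs count as /32
        net = ip2int(part[1])
        if (net < 0 || plen < 0 || plen > 32) next   # skip malformed or non-IPv4
        size = 2 ^ (32 - plen)                  # number of addresses in the range
        if (t >= 0 && int(t / size) == int(net / size))
            printf "covers\t%s\t%s\n", $3, comment_of($0)
        if (plen < minlen + 0)
            printf "wide\t%s\t%s\n", $3, comment_of($0)
    }' "$1"
}

# Constructed sample in ipset save format; only the 64.0.0.0/2 line is from the thread.
write_sample() {
    cat > "$1" <<'EOF'
create Skynet-Blacklist hash:ip family inet hashsize 1024 maxelem 65536 comment
create Skynet-BlockedRanges hash:net family inet hashsize 1024 maxelem 65536 comment
add Skynet-Blacklist 203.0.113.7 comment "ManualBan: constructed"
add Skynet-BlockedRanges 198.51.100.0/24 comment "BanMalware: constructed_list.netset"
add Skynet-BlockedRanges 64.0.0.0/2 comment "BanMalware: firehol_level2.netset"
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_ipset "$sample" 100.64.0.1 8   # constructed target that falls inside 64.0.0.0/2
rm -f "$sample"
```

The comment field of a "covers" line names the source list, which is the value needed to exclude that one list while its maintainers fix it.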
I had no idea it was so challenging to have privacy on your internet connection in China. Thanks for sharing!
yeah, unfortunately it is. especially during this period where they really want to control every information.

right on the bullseye...if this setup still doesn't work for u don't get dis-encouraged, u might still need to fix the dns thingy...afaik, if u have a dns leak u may still be force-presented the initial login page...that's the sophistication the system has grown!
oh you are right. full blocking mmstat seems to be fine! nice! the DNS so far is fine. I have to put up with it. china has also blocked port53 outgoing from china it seems. I know a few public non-google government DNS but china has got problems accessing to it. so just like openVPN, TLS might get blocked and you end up with no DNS at all. for me i would just rather do a flushdns regularly.
 
I thought there might be a simple specific ip address to block the signature update, using Skynet. I'm just interested in the default 2.066 def parameters as it routes my gaming traffic correctly.
 
If you look at /usr/sbin/sig_upgrade.sh you can see the URL contains dlcdnets.asus.com. You could block that name at your own risk/reward.

Is it also possible to rename, delete, or edit, the file so it won't update?

I've added all the trend micro DNS names to Skynet and am about to test and see if the signature will update.

EDIT: It looks like the signature update failed so for me that's what I was looking for, to have my Gaming Traffic categorized correctly.
 
I'm looking to blacklist all the Samsung call-home DNS names I've found. There is a HUGE list. To import a file for Blacklist, what file type is needed, where is it supposed to be, how do I import a blacklist from a local file? Just a text file with all the names listed in the file?
 
I'm looking to blacklist all the Samsung call-home DNS names I've found. There is a HUGE list. To import a file for Blacklist, what file type is needed, where is it supposed to be, how do I import a blacklist from a local file? Just a text file with all the names listed in the file?
Look at post #2!
https://www.snbforums.com/threads/r...wall-security-enhancements.16798/#post-115872
Code:
Example Import Commands;
( firewall import blacklist file.txt "Apples" ) This Bans All IPs From URL/Local File With The Comment Apples
( firewall import whitelist file.txt "Apples" ) This Whitelists All IPs From URL/Local File With The Comment Apples
 
I'm looking to blacklist all the Samsung call-home DNS names I've found. There is a HUGE list. To import a file for Blacklist, what file type is needed, where is it supposed to be, how do I import a blacklist from a local file? Just a text file with all the names listed in the file?
Why not just blacklist them in Diversion or dnsmasq.conf.add if you don’t use Diversion? Trying to ban individual IPs to encompass a dns name is prone to “misses”.
 
Why not just blacklist them in Diversion or dnsmasq.conf.add if you don’t use Diversion? Trying to ban individual IPs to encompass a dns name is prone to “misses”.

I didn't like Diversion. Maybe I'll look into it again, one day.

I have no idea what dnsmasq.conf.add is, how to use it, how to install it, or where to get it from.
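An added example, not from the thread or from Diversion: the DNS-level alternative suggested above, turning a plain text file of names into dnsmasq address= lines so that each name and all its subdomains resolve to 0.0.0.0 regardless of which IPs they currently map to. The helpers names_to_dnsmasq and write_names and the sample names are hypothetical; it assumes Asuswrt-Merlin's custom config file /jffs/configs/dnsmasq.conf.add, which the firmware appends to its generated dnsmasq configuration.

```shell
#!/bin/sh
# names_to_dnsmasq FILE  (hypothetical helper)
# Reads one DNS name per line and prints dnsmasq "address=" lines that answer
# 0.0.0.0 for each name and, as dnsmasq does for address=, all its subdomains.
names_to_dnsmasq() {
    awk '
    {
        sub(/[#].*/, "")                  # drop trailing comments
        gsub(/[ \t\r]/, "")               # drop whitespace and CRs from Windows files
        name = tolower($0)
        sub(/^\*\./, "", name)            # "*.example.net" is covered by "example.net"
        sub(/\.$/, "", name)              # drop a trailing root dot
        if (name == "") next
        if (name !~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)+$/) {
            print "skipped: " name > "/dev/stderr"
            next
        }
        seen[name] = 1
    }
    END {
        for (name in seen) {
            covered = 0
            parent = name
            # A name is redundant when any parent domain is already listed.
            while ((i = index(parent, ".")) > 0) {
                parent = substr(parent, i + 1)
                if (parent in seen) { covered = 1; break }
            }
            if (!covered) print "address=/" name "/0.0.0.0"
        }
    }' "$1" | sort
}

# Constructed sample list; mmstat.com is the domain discussed in the thread.
write_names() {
    cat > "$1" <<'EOF'
# constructed sample
mmstat.com
log.mmstat.com
*.Example.NET
example.net      # duplicate after normalising
not a hostname!
tracker.example.org
EOF
}

names=$(mktemp)
write_names "$names"
names_to_dnsmasq "$names"
rm -f "$names"
```

Append the output to /jffs/configs/dnsmasq.conf.add and run `service restart_dnsmasq` for it to take effect.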
 
